There are several National data protection authorities across the world, tasked with protecting
information privacy. In the
European Union
The European Union (EU) is a supranational union, supranational political union, political and economic union of Member state of the European Union, member states that are located primarily in Europe, Europe. The union has a total area of ...
and the
EFTA
The European Free Trade Association (EFTA) is a regional trade organization and free trade area consisting of four European states: Iceland, Liechtenstein, Norway and Switzerland. The organization operates in parallel with the European U ...
member countries, their status was formalized by the
Data Protection Directive and they were involved in the Madrid Resolution.
This project is a part of the work of the
International Law Commission
The International Law Commission (ILC) is a body of experts responsible for helping develop and codify international law. It is composed of 34 individuals recognized for their expertise and qualifications in international law, who are elected by t ...
of the
United Nations
The United Nations (UN) is an intergovernmental organization whose stated purposes are to maintain international peace and security, develop friendly relations among nations, achieve international cooperation, and be a centre for harmoni ...
.
Authorities by group of states
* On the European level, it is the G29 and the
European Data Protection Supervisor (EDPS). The process was backed in 2005 by the
Council of Europe
The Council of Europe (CoE; french: Conseil de l'Europe, ) is an international organisation founded in the wake of World War II to uphold human rights, democracy and the rule of law in Europe. Founded in 1949, it has 46 member states, with a p ...
, during the
World Summit on the Information Society (Tunis, November 2005), and in 2006/2007 within forums on Internet governance (Athens 2006, Rio 2007).
* On 12 June 2007,
OECD
The Organisation for Economic Co-operation and Development (OECD; french: Organisation de coopération et de développement économiques, ''OCDE'') is an intergovernmental organisation with 38 member countries, founded in 1961 to stimulate ...
recommendation regarding "trans-frontier cooperation for legislations protecting privacy enforcement" was adopted. It aimed in particular to "improve national
Privacy law
Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public o ...
enforcements so that national authorities can better cooperate with foreign authorities and put in place efficient international mechanisms to ease trans-frontier cooperation for legislations protecting privacy
enforcement
Enforcement is the proper execution of the process of ensuring compliance with laws, regulations, rules, standards, and social norms.
Governments attempt to effectuate successful implementation of policies by enforcing laws and regulations.
E ...
".
* An Ibero-American network of data protection exists. In May 2008, during its 6th meeting, in Colombia, its declaration asking international conferences on data protection and privacy to "pursue their efforts, regardless of their geographical location, in order to adopt common legal instruments".
* Another network is that of the Central and Eastern data protection authority (CEDPA). This network has expressed its will to pursue and strengthen its activities within the CEDPA, notably to elaborate common solutions and assist new members with the establishment of data protection legislation. That was during the June 2008 meeting in Poland.
List of national data protection authorities
European Economic Area
* :
Austrian Data Protection Authority
Austrian may refer to:
* Austrians, someone from Austria or of Austrian descent
** Someone who is considered an Austrian citizen, see Austrian nationality law
* Austrian German dialect
* Something associated with the country Austria, for example: ...
(german: Datenschutzbehörde)
* :
Belgian Data Protection Authority
Belgian may refer to:
* Something of, or related to, Belgium
* Belgians, people from Belgium or of Belgian descent
* Languages of Belgium, languages spoken in Belgium, such as Dutch, French, and German
*Ancient Belgian language, an extinct languag ...
( nl, Gegevensbeschermingsautoriteit (GBA), french: Autorité de protection des données (APD), german: Datenschutzbehörde), also known as APD-GBA
* :
Bulgarian Data Protection Authority ( bg, Комисия за защита на личните данни)
* :
Office of the Commissioner for Personal Data Protection ( el, Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα)
* : Office for Personal Data Protection ( cs, Úřad pro ochranu osobních údajů (ÚOOÚ))
* :
Danish Data Protection Agency
The Danish Data Protection Agency () was created, following the implementation of EU Directive 95/46/EC, regarding the protection of individuals with regard to the process of personal information and the movement of such.
The agency exercises s ...
( da, Datatilsynet)
* :
Estonian Data Protection Inspectorate
Estonian may refer to:
* Something of, from, or related to Estonia, a country in the Baltic region in northern Europe
* Estonians, people from Estonia, or of Estonian descent
* Estonian language
* Estonian cuisine
* Estonian culture
See also
*
...
( et, Andmekaitse Inspektsioon)
* :
Office of the Data Protection Ombudsman
An office is a space where an organization's employees perform administrative work in order to support and realize objects and goals of the organization. The word "office" may also denote a position within an organization with specific du ...
( fi, Tietosuojavaltuutetun toimisto)
* : (
lit. 'National Commission on Informatics and Liberty'), also known as CNIL
* :
Federal Commissioner for Data Protection and Freedom of Information (german: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI))
** Note: Competent supervisory authorities for the enforcement of data protection in the private sector are the respective state authorities.
* :
Hellenic Data Protection Authority ( el, Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), also known as HDPA
* :
( hu, Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH))
* :
Data Protection Authority ( is, Persónuvernd)
* :
Data Protection Commissioner
The Office of the Data Protection Commissioner (Irish: An Coimisinéir Cosanta Sonraí) (DPC), also known as Data Protection Commission, is the independent national authority responsible for upholding the EU fundamental right of individuals to ...
( ga, An Coimisinéir Cosanta Sonraí), also known as DPC
* :
Italian Data Protection Authority
Italian(s) may refer to:
* Anything of, from, or related to the people of Italy over the centuries
** Italians, an ethnic group or simply a citizen of the Italian Republic or Italian Kingdom
** Italian language, a Romance language
*** Regional Ita ...
( it, Garante per la Protezione dei Dati Personali), also known as Italian DPA
* :
Data State Inspectorate
In the pursuit of knowledge, data (; ) is a collection of discrete values that convey information, describing quantity, quality, fact, statistics, other basic units of meaning, or simply sequences of symbols that may be further interpreted ...
( lv, Datu valsts inspekcija, russian: Государственная инспекция данных)
* :
Datenschutzstelle
* :
State Data Protection Inspectorate ( lt, Valstybinė duomenų apsaugos inspekcija (VDAI))
* :
National Commission for Data Protection
National may refer to:
Common uses
* Nation or country
** Nationality – a ''national'' is a person who is subject to a nation, regardless of whether the person has full rights as a citizen
Places in the United States
* National, Maryland, c ...
(german: Nationale Kommission für den Datenschutz, french: Commission nationale pour la protection des données), also known as CNPD
* :
Office of the Information and Data Protection Commissioner
An office is a space where an Organization, organization's employees perform Business administration, administrative Work (human activity), work in order to support and realize objects and Goals, plans, action theory, goals of the organizati ...
, also known as IDPC
* :
Dutch Data Protection Authority ( nl, Autoriteit Persoonsgegevens (AP))
* :
Norwegian Data Protection Authority
The Norwegian Data Protection Authority ( no, Datatilsynet) is an agency of the Norwegian Government responsible for managing the ''Personal Data Act 2000'', concerning privacy concerns. This Act replaced the ''Data Register Act 1978''.
The ...
( no, Datatilsynet)
* :
Polish Data Protection Commissioner
The Office of the Polish Data Protection Commissioner or officially President of the Personal Data Protection Office ( Polish: ''Prezes Urzędu Ochrony Danych Osobowych'', ''PUODO'') is an independent national data protection authority responsible ...
( pl, Urząd Ochrony Danych Osobowych (UODO))
* :
National Commission Data Protection
National may refer to:
Common uses
* Nation or country
** Nationality – a ''national'' is a person who is subject to a nation, regardless of whether the person has full rights as a citizen
Places in the United States
* National, Maryland, c ...
( pt, Comissão Nacional de Proteção de Dados (CNPD)), also known as NCDP
* :
( ro, Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal), also known as ANSPDCP
* :
Office for Personal Data Protection of the Slovak Republic
An office is a space where an organization's employees perform administrative work in order to support and realize objects and goals of the organization. The word "office" may also denote a position within an organization with specific dut ...
( sk, Úrad na ochranu osobných údajov Slovenskej republiky)
* :
Information Commissioner of the Republic of Slovenia
Information is an Abstraction, abstract concept that refers to that which has the power to Communication, inform. At the most fundamental level information pertains to the Interpretation (logic), interpretation of that which may be sensed. ...
( sl, Republika Slovenija Informacijski pooblaščenec)
* :
Spanish Data Protection Agency
The Spanish Data Protection Agency (AEPD, es, Agencia Española de Protección de Datos) is an independent agency of the government of Spain which oversees the compliance with the legal provisions on the protection of personal data. The agency ...
( es, Agencia Española de Protección de Datos (AEPD))
**: Transparency and Data Protection Council of Andalusia ( es, Consejo de Transparencia y Protección de Datos de Andalucía)
** :
Basque Data Protection Authority
Basque may refer to:
* Basques, an ethnic group of Spain and France
* Basque language, their language
Places
* Basque Country (greater region), the homeland of the Basque people with parts in both Spain and France
* Basque Country (autonomous co ...
( eu, Datuak Babesteko Euskal Bulegoa, es, Agencia Vasca de Protección de Datos)
** :
Catalan Data Protection Authority
Catalan may refer to:
Catalonia
From, or related to Catalonia:
* Catalan language, a Romance language
* Catalans, an ethnic group formed by the people from, or with origins in, Northern Catalonia, Northern or southern Catalonia
Places
* 13178 Ca ...
( ca, Autoritat Catalana de Protecció de Dades (APDCAT))
* :
Swedish Data Protection Authority
The Swedish Authority for Privacy Protection ( sv, Integritetsskyddsmyndigheten), formerly the Swedish Data Protection Authority ( sv, Datainspektionen), is a Swedish government agency, organized under the Ministry of Justice, tasked to protect ...
( sv, Datainspektionen), also known as Swedish DPA
* :
Information Commissioner's Office
The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Digital, Culture, Media and Sport (DCMS). It is the independe ...
, also known as ICO
Europe
*
Information and Data Protection Commissioner (IDP)Komisionerit për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale(KDIMDP))
* :
Data Protection Agency of Andorra ( ca, Agència Andorrana de Protecció de Dades (APDA))
* :
Croatian Personal Data Protection Agency
Croatian may refer to:
*Croatia
*Croatian language
*Croatian people
*Croatians (demonym)
See also
*
*
* Croatan (disambiguation)
* Croatia (disambiguation)
* Croatoan (disambiguation)
* Hrvatski (disambiguation)
* Hrvatsko (disambiguation)
...
( hr, Agencija za zaštitu osobnih podataka (AZOP))
* :
Personal Data Protection Service ( ka, პერსონალურ მონაცემთა დაცვის სამსახური)
* :
Data Protection Office
* :
Directorate for Personal Data Protection
Directorate may refer to:
Contemporary
*Directorates of the Scottish Government
* Directorate-General, a type of specialised administrative body in the European Union
* Directorate-General for External Security, the French external intelligence a ...
( mk, Дирекција за заштита на лични податоци)
* :
Office of the Data Protection Supervisor
The Isle of Man Information Commissioner ( gv, Oik Oaseir Coadey Fysseree) is the national data protection authority for the Isle of Man under the Data Protection Act 2002 (an Act of Tynwald). The office was originally created as the Isle of Ma ...
* : ''
Commission de contrôle des informations nominatives'' (
lit. 'Personal Data Control Board'), also known as CCIN
* :
(''Roskomnadzor'')
* :
Commissioner for Information of Public Importance and Personal Data Protection ( sr, Повереник за информације од јавног значаја и заштиту података о личности)
* :
Federal Data Protection and Information Commissioner
french: Préposé fédéral à la protection des données et à la transparence it, Incaricato federale della protezione dei dati e della trasparenza
, logo = Logo der Schweizerischen Eidgenossenschaft.svg
, logo_width = 300px
, lo ...
(german: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), french: Préposé fédéral à la protection des données et à la transparence (PFPDT), it, Incaricato federale della protezione dei dati e della trasparenza (IFPDT)), also known as FDPIC
* :
Turkish Data Protection Authority
The Turkish Data Protection Authority ( tr, Kişisel Verileri Koruma Kurumu, KVKK) is a government organization in Turkey which provides the protection of personal data and works to develop awareness in this respect in the public eye in line wit ...
( tr, Kişisel Verileri Koruma Kurumu (KVKK))
*
Ukrainian Parliament Commissioner for Human Rights( uk, Уповноважений Верховної Ради України з прав людини)
Africa
* :
Data Protection Agency ( pt, Agência de Proteção de Dados), known as APD
* : No national authority is responsible for data protection.
* :
Data Protection Commission
* : ''
Commission nationale de contrôle de la protection des données à caractère personnel'' (
lit. 'National Commission for the Control of the Protection of Personal Data'), also known as CNDP
* : No national authority is responsible for data protection.
* :
National Information Technology Development Agency
National Information Technology Development Agency (NITDA) is a public service institution established by NITDA Act 2007 as the ICT policy implementing arm of the Federal Ministry of Communication and Digital Economy (Nigeria), Federal Ministry of ...
(NITDA) and
Nigerian Communications Commission
The Nigerian Communications Commission (NCC) is the independent regulatory authority for the telecommunications industry in Nigeria. The NCC was created under Decree number 75 by the Federal Military Government of Nigeria on 24 November 1992. The ...
(NCC) provide services regarding data protection.
* :
Information Regulator
* :
National Authority for Protection of Personal Data
National may refer to:
Common uses
* Nation or country
** Nationality – a ''national'' is a person who is subject to a nation, regardless of whether the person has full rights as a citizen
Places in the United States
* National, Maryland, c ...
(french: Instance nationale de protection des données personnelles), known as INPDP
* : There is currently no data protection authority but the
Zimbabwe Media Commission comments on the degree of protection of privacy from public bodies programs.
Asia
* :
Cyberspace Administration of China
The Cyberspace Administration of China (CAC; ) is the central internet regulator, censor, oversight, and control agency for the People's Republic of China. The office also holds the administrative title of the party's Office of the Central C ...
(CAC)
* :
Office of the Privacy Commissioner for Personal Data
The Office of the Privacy Commissioner for Personal Data (PCPD) is a Hong Kong statutory body enforcing the Personal Data (Privacy) Ordinance, which secured the protection of privacy of individuals. The office is headed by the Privacy Commissio ...
(PCPD)
* : No national authority is responsible for data protection.
* : No national authority is responsible for data protection.
* : The Privacy Protection Authority ( he, הרשות להגנת הפרטיות)
* :
Personal Information Protection Commission (Japan)
The is a Japanese government commission charged with the protection of personal information. It was established on January 1, 2016 to replaces the Specific Personal Information Protection Commission. The commission consisted of eight commissione ...
(PPC)
* : Data protection is regulated by the state.
* :
Office for Personal Data Protection
An office is a space where an organization's employees perform administrative work in order to support and realize objects and goals of the organization. The word "office" may also denote a position within an organization with specific dut ...
, known as OPDP
* : There is a Personal Data Protection Commissioner
* : No national authority is responsible for data protection.
* :
National Privacy Commission
The National Privacy Commission, or NPC, is an independent body created under Republic Act No. 10173 or the Data Privacy Act of 2012,Republic Act No. 10173: An Act Protecting Individual Personal Information in Information and Communications Sys ...
* :
Qatar Ministry of Transport and Communications
Qatar (, ; ar, قطر, Qaṭar ; local vernacular pronunciation: ), officially the State of Qatar,) is a country in Western Asia. It occupies the Qatar Peninsula on the northeastern coast of the Arabian Peninsula in the Middle East; it sha ...
* : No national authority is responsible for data protection.
* : A Personal Data Protection Commission is created following the
Personal Data Protection Act 2012 (Singapore)
The Personal Data Protection Act 2012 ("PDPA") sets out the law on data protection in Singapore. The PDPA regulates the processing of personal data in the private sector.
Overview
The PDPA establishes a general data protection regime, origina ...
* :
Personal Information Protection Commission (South Korea)
The Personal Information Protection Commission is national data protection authority of South Korea. It is formed as independent agency in year 2011 by 'Personal Information Protection Act(PIPA, ko, 개인정보 보호법)', and is now located in ...
(PIPC)
* : No national authority is responsible for data protection.
* :
* : No national authority is responsible for data protection.
* : Regulators for data protection are sector-specific.
Oceania
* :
Office of the Australian Information Commissioner
The Office of the Australian Information Commissioner (OAIC), known until 2010 as the Office of the Australian Privacy Commissioner is an independent Australian Government agency, acting as the national data protection authority for Australia, est ...
* :
Privacy Commissioner (New Zealand)
The Office of the Privacy Commissioner (New Zealand) administers the Privacy Act 2020. The Privacy Commissioner is entrusted to protect personal information of New Zealanders in accordance with the Privacy Act. Current Privacy Commissioner, Mich ...
North America
* :
Office of the Privacy Commissioner of Canada
The privacy commissioner of Canada (french: Commissaire à la protection de la vie privée du Canada) is a non-partisan ombudsman and officer of the Parliament of Canada. The commissioner investigates complaints regarding violations of the fed ...
(french: Commissariat à la protection de la vie privée du Canada)
* :
National Institute of Transparency for Access to Information and Personal Data Protection ( es, Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI))
* : There is no single national authority.
South America
* :
Dirección Nacional de Protección de Datos Personales (
lit. 'National Directorate for Personal Data Protection'), known as PDP
* : No national authority is responsible for data protection.
* : National Data Protection Authority (ANPD)
* : There is no dedicated authority.
* :
Superintendency of Industry and Commerce
The Superintendency of Industry and Commerce (SIC) is the Competition regulator in Colombia. It is the statutory body of Government of Colombia
The Government of Colombia is a republic with separation of powers into executive, judicial and leg ...
(SIC)
* :
Agency for the Protection of Individual's Data ( es, Agencia de Protección de datos de los Habitantes), known as PRODHAB
* : No national authority is responsible for data protection.
* :
National Civil Registry ( es, Registro Nacional de las Personas) and
Institute for the Access to Public Information ( es, Instituto Acceso Informacion Publica)
* : No national authority is responsible for data protection.
* :
Ministerio de Justicia y Derechos Humanos (Perú) (
lit. 'Ministry of Justice and Human Rights')
* : Personal Data Control and Regulatory Unit.
* : No national authority is responsible for data protection.
See also
General aspects
*
Behavioural targeting
*
Biometric Information Privacy Act
Illinois set forth the Biometric Information Privacy Act on October 3, 2008, in an effort to regulate the collection, use, and handling of biometric identifiers and information by private entities. Notably, the Act does not apply to government en ...
*
CNIL
*
Cookies (Internet)
*
Data security
Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.
Technologies
Disk encryption
Disk encryption refe ...
*
Database
In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases s ...
*
Digital identity
A digital identity is information used by computer systems to represent an external agent – a person, organization, application, or device. Digital identities allow access to services provided with computers to be automated and make it possibl ...
*
Geolocation Privacy and Surveillance Act
The Geolocation Privacy and Surveillance Act (GPS Act) was a Bill (law), bill introduced in the U.S. Congress in 2011 that attempted to limit government surveillance using geolocation information such as signals from global positioning system, GPS ...
*
Health data
Health data is any data "related to health conditions, reproductive outcomes, causes of death, and quality of life" for an individual or population. Health data includes clinical metrics along with environmental, socioeconomic, and ...
*
Identity (psychology)
Identity is the qualities, beliefs, personality traits, appearance, and/or expressions that characterize a person or group.Compare ''Collins Dictionary of Sociology'', quoted in
In sociology, emphasis is placed on collective identity, in which ...
*
Identity (social science)
*
Information leakage
Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless. In other words: Information leakage occurs when secret information correlates with, or can ...
*
Information security
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
*
Obfuscation
*
On the Internet, nobody knows you're a dog
"On the Internet, nobody knows you're a dog" is an adage and Internet meme about Internet anonymity which began as a caption to a cartoon drawn by Peter Steiner, published by ''The New Yorker'' on July 5, 1993. dead link The words are those ...
*
Passenger name record
A passenger name record (PNR) is a record in the database of a computer reservation system (CRS) that contains the itinerary for a passenger or a group of passengers travelling together. The concept of a PNR was first introduced by airlines that ...
*
Social web
The social web is a set of social relations that link people through the World Wide Web. The social web encompasses how websites and software are designed and developed in order to support and foster social interaction. These online social inte ...
*
User profile
A user profile is a collection of settings and information associated with a user. It contains critical information that is used to identify an individual, such as their name, age, portrait photograph and individual characteristics such as ...
*
Violation of privacy
The right to privacy is an element of various legal traditions that intends to restrain governmental and private actions that threaten the privacy of individuals. Over 150 national constitutions mention the right to privacy. On 10 December 19 ...
Technical aspects
*
Digital certificate
In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes information about the key, information about the ...
*
OpenID
OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provider ...
*
Strong authentication
Strong authentication is a notion with several definitions.
Strong (customer) authentication definitions
Strong authentication is often confused with two-factor authentication (more generally known as multi-factor authentication), but strong a ...
*
:Identity management
Legal aspects
*
Escrow
An escrow is a contractual arrangement in which a third party (the stakeholder or escrow agent) receives and disburses money or property for the primary transacting parties, with the disbursement dependent on conditions agreed to by the transacti ...
*
Identity document
*
Identity theft
Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term ''identity theft'' was c ...
*
Personal identity verification
FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.
In response to HSPD-12, the ...
*
Protection Profile
A Protection Profile (PP) is a document used as part of the certification process according to ISO/IEC 15408 and the Common Criteria (CC). As the generic form of a Security Target (ST), it is typically created by a user or user community and provid ...
References
External links
List of national data protection authorities in EuropeInternational Conference of Data Protection and Privacy CommissionersHandbook on European data protection law
{{Portal bar, European Union, Law
Information privacy